Specify a maximal depth of backtracking for the pattern attribute on input elements #9469

vinhill · 2023-06-29T15:38:55Z

WebKit and Blink enforce a maximal depth of backtracking of 1,000,000 (see here for WebKit, here for Blink) when checking an input's value against a regular expression specified in #the-pattern-attribute. Gecko is discussing this in Bug 1837772. Without such a limit, a pattern like (\d+)* can hang a tab.

Such a backtracking limit could be included in the spec around the pattern attribute and it might be worth to discuss whether this limit should also be applied in other situations. There is already this wpt testing this behavior.

The text was updated successfully, but these errors were encountered:

annevk · 2023-06-30T12:25:53Z

This is a limit that appears to be implemented in the regular expression engine. It doesn't seem specific to input elements. As such this would be TC39 territory I think. And if it's not defined there the test is probably invalid.

cc @mathiasbynens @syg

vinhill · 2023-07-04T07:22:20Z

For Blink, the limit does not apply to JavaScript code, i.e. /(\d+)*$/.exec("0000011111111111111000z"). It does though apply in WebKit.

Only Blinks ScriptRegexp constructor applies the backtracking limit and seems to be used only for C++-side regexes.

mathiasbynens · 2023-07-04T07:26:27Z

@schuay @pthier, given that, do we really need to apply kBacktrackLimit for ScriptRegexp?

schuay · 2023-07-04T07:47:25Z

Yes IMO this still makes sense - for Blink's ScriptRegexp, the reasoning is described at crbug.com/966405 and https://bugs.chromium.org/p/chromium/issues/detail?id=89872#c26.

There's no spec yet, see whatwg/html#9469

annevk · 2023-07-07T00:23:55Z

@Constellation do you think it would make sense to have the limit on regular expressions only for <input pattern>? (WebKit currently has it on regular expressions in general.) So you'd only prevent against a loop when there's no JavaScript involved.

msaboff · 2023-09-05T18:36:34Z

I think it makes sense for RegExp engines to put a cap on recursion for both Scripts and HTML. Otherwise, as we can see, it is easy to create a webpage that hangs.

annevk · 2023-09-06T06:46:40Z

Thanks! I filed tc39/ecma262#3166 so TC39 can figure out how they want to approach this. Unless they define a limit inline, we'll need some kind of host hook if we are to enforce a limit.

There's no spec yet, see whatwg/html#9469

…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898

…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898 UltraBlame original commit: 871a2a733ec4d9e7705838554b960dfa4c86ad62

…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898

…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898 UltraBlame original commit: 871a2a733ec4d9e7705838554b960dfa4c86ad62

There's no spec yet, see whatwg/html#9469

vinhill mentioned this issue Jun 29, 2023

Exclude test for unspecified <input pattern> backtracking limit web-platform-tests/interop#371

Closed

zcorpan added topic: forms integration Better coordination across standards needed labels Jun 29, 2023

zcorpan added a commit to web-platform-tests/wpt that referenced this issue Jul 6, 2023

HTML: infinite_backtracking.html should be tentative

b03565a

There's no spec yet, see whatwg/html#9469

zcorpan mentioned this issue Jul 6, 2023

HTML: infinite_backtracking.html should be tentative web-platform-tests/wpt#40898

Merged

annevk mentioned this issue Sep 6, 2023

Specify a maximal depth of backtracking for RegExp tc39/ecma262#3166

Open

zcorpan added a commit to web-platform-tests/wpt that referenced this issue Sep 18, 2023

HTML: infinite_backtracking.html should be tentative

2f2a72d

There's no spec yet, see whatwg/html#9469

OrKoN pushed a commit to web-platform-tests/wpt that referenced this issue Sep 18, 2023

HTML: infinite_backtracking.html should be tentative

fa22424

There's no spec yet, see whatwg/html#9469

Lightning00Blade pushed a commit to Lightning00Blade/wpt that referenced this issue Dec 11, 2023

HTML: infinite_backtracking.html should be tentative

eb29305

There's no spec yet, see whatwg/html#9469

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Specify a maximal depth of backtracking for the pattern attribute on input elements #9469

Specify a maximal depth of backtracking for the pattern attribute on input elements #9469

vinhill commented Jun 29, 2023

annevk commented Jun 30, 2023

vinhill commented Jul 4, 2023

mathiasbynens commented Jul 4, 2023

schuay commented Jul 4, 2023

annevk commented Jul 7, 2023 •

edited

Loading

msaboff commented Sep 5, 2023

annevk commented Sep 6, 2023 •

edited

Loading

Specify a maximal depth of backtracking for the pattern attribute on input elements #9469

Specify a maximal depth of backtracking for the pattern attribute on input elements #9469

Comments

vinhill commented Jun 29, 2023

annevk commented Jun 30, 2023

vinhill commented Jul 4, 2023

mathiasbynens commented Jul 4, 2023

schuay commented Jul 4, 2023

annevk commented Jul 7, 2023 • edited Loading

msaboff commented Sep 5, 2023

annevk commented Sep 6, 2023 • edited Loading

annevk commented Jul 7, 2023 •

edited

Loading

annevk commented Sep 6, 2023 •

edited

Loading